Hi!
> It works this way:
[...]
Ok. But in this very case, it's actually not the client who would want to
read the authzTo attribute, but Server B. Server B tries to decide if a
specific user who authenticated is allowed to assume the authorization
of a different user. For that reason, Server B tries to read the authzTo
attribute of the user object. That user object lives on Server A and
does not have an authzTo attribute but only a saslAuthzTo attribute, due
to the fact that the name of that internal attribute changed between 2.2
and 2.3.
We can see Server B querying Server A for the authzTo attribute. So that
part is fine.
From the log files I can see there is something like "internal search".
Would an overlay and a rwm-map apply to such an internal search as well?
Regards,
Torsten
Pierangelo Masarati wrote:
Torsten Schlabach (Tascel eG) wrote:
Pierangelo!
I will happily provide some detailed debugging output. I just wanted
to make sure that I understood the concept of rwm-map properly. So
looking at our config, there isn't anything obvious that we have missed?
No.
Just to confirm:
We have
Server A <--- Server B <--- Client
 (bdb)         (ldap)
I need the overlay to happen between Server B and Server A, not
between the client and Server B.
The manual isn't that detailed ... Or did I miss anything.
It works this way:
           <--- saslAuthzTo <---            <--- authzTo <---
Server A                           Server B                      Client
           ---> saslAuthzTo --->            ---> authzTo --->
 (bdb)                            (ldap+rwm)
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
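For reference, below is what the Server B side of the arrangement Pierangelo sketched looks like in slapd.conf: a back-ldap database proxying Server A, with slapo-rwm translating the attribute name in both directions. This is an added example, not configuration from the thread or from the OpenLDAP project; the suffix, the Server A hostname, the schema and module paths are assumptions. The rwm-map line is the one that matters: the first name is the virtual one that Server B and its clients use (authzTo, the 2.3 name), the second is the real one stored on Server A (saslAuthzTo, the 2.2 name).

```conf
# slapd.conf fragment for Server B (OpenLDAP 2.3, proxying a 2.2 Server A).
# Added example; hostnames, suffix and paths are assumptions.

include         /etc/openldap/schema/core.schema

# 2.3 syntax: let a bound identity assume another if the target entry's
# authzTo (2.3 name of saslAuthzTo) permits it.
authz-policy    to

modulepath      /usr/lib/openldap
moduleload      back_ldap.la
moduleload      rwm.la

# The proxy database: every operation for this suffix goes to Server A.
database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://server-a.example.com/"

# Attribute mapping sits on top of the ldap backend, i.e. between
# Server B and Server A, not between the client and Server B.
overlay         rwm

# rwm-map attribute <virtual name> <real name>
#   requests from Server B carrying authzTo are sent to Server A as
#   saslAuthzTo, and saslAuthzTo in Server A's replies comes back as authzTo.
rwm-map         attribute authzTo saslAuthzTo
```

With this in place, an ldapsearch against Server B asking for authzTo should return the value under the authzTo name, while running slapd on Server B with a verbose -d level lets you compare the attribute name in the client's request with the one forwarded to Server A; whether the same mapping is applied to the internal search Torsten asks about is exactly the point still open in the thread.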